I've followed all the steps for installation of mod_ssl,
and a mod_ssl-enabled httpd was created. It is listening on port 443. The
problem is with the server certificate. While generating a self-signed certificate,
as per the procedure given in the FAQ, everything went OK except at the end
of the script "sign.sh", when there was an error message saying that the
certificate could not be verified with the self-generated ca.crt, although
it has generated the server.crt certificate file and it verifies with the
private key.
Various messages are as follows:
--------------------
File: ssl_engine_log
Message:
verify error:num=18:self signed certificate
verify return:1
depth=0 /C=IN/ST=Delhi/L=Delhi/O=AIR/OU=EDP/CN=hostname.domain/Email=name@domain
verify error:num=7:certificate signature failure
verify return:1
depth=0 /C=IN/ST=Delhi/L=Delhi/O=AIR/OU=EDP/CN=hostname.domain/Email=name@domain
verify return:1
SSL_connect:error in SSLv3 read server certificate B
SSL_connect:error in SSLv3 read server certificate B
18690:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block
type is not 01:rsa_pk1.c:100:
18690:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check
failed:rsa_eay.c:394:
18690:error:0D079006:asn1 encoding routines:ASN1_verify:bad get asn1
object call:a_verify.c:106:
18690:error:140900F7:SSL routines:SSL3_GET_SERVER_CERTIFICATE:unknown
certificate type:s3_clnt.c:793:
---------------
File: error_log
Message:
[Nov 29 15:51:03 1999] [error] mod_ssl: SSL handshake failed (server
hostname.domain:443, client 172.16.1.59) (OpenSSL library error follows)
[Mon Nov 29 15:51:03 1999] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3
alert bad certificate [Hint: Subject CN in certificate not server
name or identical to CA!?]
------------------------
Tail message of the command:
#openssl s_client -connect hostname.domain:443 -state -debug
It gets connected to the server and prints a lot of numbers followed by
this:
connection to child 0 established (server hostname.domain:443, client
172.16.1.59)
[29/Nov/1999 15:51:03 18683] [error] SSL handshake failed (server hostname.domain:443,
client 172.16.1.59) (OpenSSL library error follows)
[29/Nov/1999 15:51:03 18683] [error] OpenSSL: error:14094412:SSL routines:SSL3_READ_BYTES:sslv3
alert bad certificate [Hint: Subject CN in certificate not server name
or identical to CA!?]
[29/Nov/1999 15:52:29 18685] [info] Connection to child 2 established
(server hostname.domain:443, client 172.16.1.1)
[29/Nov/1999 15:52:29 18685] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
[29/Nov/1999 15:54:00 18684] [info] Connection to child 1 established
(server hostname.domain:443, client 172.16.1.1)
[29/Nov/1999 15:54:00 18684] [info] Spurious SSL handshake interrupt[Hint:
Usually just one of those OpenSSL confusions!?]
---------------------
The error shows CN in certificate not identical to CA, but this is not
the problem. They are the same.
On the Netscape 4.05 browser it says, "The server's certificate has
an invalid signature. You will not be able to connect to this site securely."
And finally nothing happens in the browser.
Could someone please tell me what the problem is?
Thanks
N.K. Narang
New Delhi
[EMAIL PROTECTED]
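
The hint printed in the logs above names a condition that can be checked directly: whether server.crt carries the same subject DN as the CA that signed it. The following is an added example, not part of the original post, that tests for this with the openssl CLI; the function names and all subject values are constructed for illustration.

```shell
#!/bin/sh
# Added example. Subjects below are constructed test values.

# Print the subject or issuer DN ($1 is -subject or -issuer) of PEM cert $2.
dn() {
    openssl x509 -noout "$1" -nameopt RFC2253 -in "$2" | sed 's/^[a-z]*= *//'
}

# Return 0 if the certificate's subject DN equals its issuer DN, 1 if the
# two differ, 2 if the file could not be read. A CA-signed server
# certificate with equal DNs looks self-signed to a verifier that builds
# chains by name, so its signature is checked against the wrong public key.
dn_collides() {
    s=$(dn -subject "$1")
    i=$(dn -issuer "$1")
    [ -n "$s" ] || return 2
    [ "$s" = "$i" ]
}

# Build a throwaway CA with subject $1, sign a server certificate with
# subject $2, and return the dn_collides status for that server certificate.
check_pair() {
    d=$(mktemp -d) || return 2
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$1" \
        -keyout "$d/ca.key" -out "$d/ca.crt" 2>/dev/null &&
    openssl req -new -newkey rsa:2048 -nodes -subj "$2" \
        -keyout "$d/server.key" -out "$d/server.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/server.csr" -CA "$d/ca.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 1 -out "$d/server.crt" 2>/dev/null
    rc=$?
    if [ "$rc" -eq 0 ]; then dn_collides "$d/server.crt"; rc=$?; else rc=2; fi
    rm -rf "$d"
    return "$rc"
}

SERVER_DN='/C=IN/O=Example/CN=www.example.test'
check_pair "$SERVER_DN" "$SERVER_DN" &&
    echo "CA and server share one DN: collision"
check_pair '/C=IN/O=Example CA/CN=Example Root CA' "$SERVER_DN" ||
    echo "CA and server DNs differ: no collision"
```

On an existing installation, `dn_collides server.crt` performs the same comparison on the real file.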
